To define L2TP properties for a client-specific profile, include one or more of the following statements at the [edit access profile profile-name client client-name l2tp] hierarchy level:
Note: When you configure the profile, you can configure either L2TP or PPP parameters, but not both at the same time.
interface-id (in the interface-id statement) is the identifier for the interface representing an L2TP session configured at the [edit interfaces interface-name unit local-unit-number dial-options] hierarchy level.
number (in the maximum-sessions-per-tunnel statement) is the maximum number of sessions for an L2TP tunnel.
shared-secret (in the shared-secret statement) is the shared secret for authenticating the peer.
You can specify PPP authentication (in the ppp-authentication statement). By default, the PPP authentication uses CHAP. You can configure this to use Password Authentication Protocol (PAP).
You can configure LNS so it renegotiates LCP with the PPP client (in the lcp-negotiation statement). By default, the PPP client negotiates the LCP with the LAC. When you do this, the LNS discards the last sent LCP configuration request and last received LCP configuration request AVPs from the LAC; for example, the LCP negotiated between the PPP client and LAC.
You can configure the JUNOS Software so that the LNS ignores proxy authentication AVPs from the LAC and reauthenticates the PPP client using a CHAP challenge (in the local-chap statement). By default, the PPP client is not reauthenticated by the LNS. When you do this, the LNS directly authenticates the PPP client.
You can configure the PPP MP for L2TP if the PPP sessions that are coming into the LNS from the LAC have multilink PPP negotiated. When you do this, you join multilink bundles based on the endpoint discriminator (in the multilink statement).
Note: The drop timeout and fragmentation threshold for a bundled multilink might belong to different tunnels. The different tunnels might have different drop timeout and fragmentation thresholds. We recommend configuring group profiles instead of profiles when you have L2TP tunnels.